Public Statements

Cyber Intelligence Sharing and Protection Act

Floor Speech

The proponents of this legislation, who are all friends and well intentioned, have repeatedly said there's a real threat, a threat to our critical infrastructure, affecting our waterworks, and our electric grid. But this bill is so poorly constructed it is not designed to protect against those threats. There are any number of flaws with it.

The American Civil Liberties Union points out that there would be an exception to all privacy laws; and it would allow companies to share private and personal data that they hold on their American customers, actually, among themselves and with the government. It would not limit companies to sharing only technical or nonpersonal data. They'd be free from any liability of misuse. They would only have to plead good intentions.

The bill fails to narrowly define the privacy laws it would contravene; it fails to put the cybersecurity efforts in a civilian agency; it fails to require companies to remove personal identifiable information about individuals; it fails to sufficiently limit the government's use of information; it fails to create a robust oversight and accountability structure. With the bill in its current form, there's no requirement that personal information must be removed. There's no consumer or stakeholder group involved in the oversight. There's no way for any member of the public to know if their data has been shared in error, and on and on.

And I should point out that it is not just the American Civil Liberties Union that opposes this. Even the American Library Association opposes it. The President, himself, says, if this passes, he will veto it. Passing this bill in response to the cyberthreat would be like going into Iraq because al Qaeda terrorists were a real threat.